An already challenging BSA/AML compliance risk environment continues to grow in complexity, as financial institutions seek to meet requirements for due diligence on higher-risk categories of customers.
Without question, risk management is at the forefront of today’s regulatory scrutiny. In its Fall 2017 Semiannual Risk Perspective, the Office of the Comptroller of the Currency (OCC) stated, “BSA/AML compliance risk management remains an area of emphasis as banks are challenged with adopting risk management systems that can keep pace with evolving risks, constraints on resources, changes in business models, and an increasingly complex risk environment.”
Beyond account opening
In response to FinCEN’s Final CDD Rule, which came into effect in May 2018, updated customer due diligence requirements in the FFIEC BSA/AML Examination Manual have become a point of focus for many BSA/AML professionals. Most prominently covered financial institutions (FIs) are required to adapt their policies and procedures to ensure for the collection of Beneficial Ownership information for new relationships.
While the requirement for collection of information at account opening garnered much of the regulatory spotlight, the expectations toward ongoing due diligence and monitoring are equally notable.
As the updated Exam Manual outlines:
“All banks must develop and implement appropriate risk-based procedures for conducting ongoing customer due diligence, including:
- Obtaining and analyzing sufficient customer information to understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile;
- Conduct ongoing monitoring — for the purpose of identifying and reporting suspicious transactions and — on a risk basis, to maintain and update customer information, including information regarding the beneficial owner(s) of legal entity customers.”
A risk-based approach to BSA/AML compliance goes far beyond collecting information at account opening. FIs must understand a customer relationship throughout its lifecycle — from the collection of information at opening to ongoing activity monitoring.
The challenge of effective risk management
Effective risk management requires the categorization of customers into risk categories that accurately reflect the danger they may pose to the institution. High-risk customer groups require an elevated level of due diligence that many FIs struggle to maintain.
The situation is made even more demanding by the stratified nature of risk within defined risk categories. For example, a small, local grocery store with check cashing services is inherently less risky to an FI than a larger-scale international money transmitter.
For some compliance departments, this can feel like an insurmountable challenge.
In June 2017, on behalf of the Florida Bankers Association, Lloyd DeVaux (Sunstate Bank, FL) provided testimony before the United States House of Representatives – Financial Services Committee regarding the challenges BSA demands are placing on the industry.
During his testimony, DeVaux explained how his $200 million-in-assets community bank currently employs seven people to manage its compliance program, a number representing over 15% of the bank’s workforce. This, DeVaux argues, “underscores the fact that BSA compliance efforts represent a significant use of bank resources, in time, money and human capital.”
Later, he offers insight into the cost of banking high-risk customers and the decisions that result once a cost/benefit analysis is applied.
“In an informal survey conducted by the Florida Bankers Association, 91% of the banks that responded said that BSA/AML regulation has caused them to avoid certain industries, decrease business development, and lower customer retention. Many industries that are legal businesses are labeled “high risk” by regulators. This means banks must collect more customer data, conduct more analysis, provide more oversight and monitoring, and engage in more site visits—all of which translates into higher costs for the bank and for the customer. The best option, in many cases, is to not bank certain industries and certain customers, and to ask existing customers to close their account(s). From the bank’s perspective, it is a simple matter of cost/benefit analysis: the economics of compliance make it unprofitable to maintain certain accounts.”
Unfortunately, de-risking can create a separate set of problems. Without access to banking services, certain high-risk businesses may have to resort to operating almost entirely in cash, weakening the ability of government agencies to detect and prevent money laundering and related crimes. It also has the potential to negatively impact public safety. Look no further than the current climate around Marijuana-Related Businesses (MRBs) for an example.
The role of technology
Many institutions currently rely on disparate processes to manage high-risk customers, from isolated software or manual methods to capture account opening data to multiple transaction monitoring systems siloed within their own transaction channels. This fractured picture makes it incredibly difficult to properly categorize these customers and maintain appropriate monitoring.
Considering these challenges facing FIs and their compliance departments, technology can provide an answer through increased efficiency and effectiveness.
A technology platform that uses intelligent categorization of high-risk customers can help FIs establish an end-to-end, risk-based approach to BSA/AML compliance, and should include:
- Identification of high-risk customers and relative risk factors, allowing for categorization of customers into their applicable high-risk groups.
- Risk Stratification to address how risk differs within each high-risk category, and automatically risk score each customer relative to others in the same group.
- EDD Review Workflows that automate tasks and reminders, and that integrate into ongoing AML monitoring and surveillance processes.
- Surveillance that applies targeted analytics to specific groups, and monitors them for risk factors and unusual activity.
For many institutions, keeping pace with BSA compliance requirements is both intricate and costly. With regulatory expectations continuing to expand and criminal activity continuing to evolve, technology offers an effective and cost-efficient way forward.
To learn more about how Verafin’s approach can help your institution meet and exceed its BSA/AML needs, visit our High-Risk Customer Management page.